the labeling procedure

Steve Brueckner steve at atc-nycorp.com
Mon Jun 27 17:35:14 UTC 2005


> restorecon doesn't rely on having policy sources
> (selinux-policy-targeted-sources) installed.  It uses the installed
> file_contexts configuration created by the policy
> (selinux-policy-targeted) package.  That lives 
> under /etc/selinux/targeted/contexts/files.

Aha, I think the O'Reilly book is just out of date.  Not surprising
considering the moving target that is SELinux.

> SELinux utilities don't rely on having the policy sources available,
> as you likely don't want them on production systems.  make relabel is
> really only for developers, and hardly used at all anymore (it
> predates having fixfiles and restorecon).   

Actually I am developing here.  My problem is that I have a huge chroot
directory (basically a full duplicate of the whole system) and I want to get
everything in there labeled as if it was outside chroot.  To do this I
duplicated file_contexts/types.fc and used sed to prepend the chroot
directory to every line.  It seems to work pretty well, but I'm still having
trouble getting the user home directories inside chroot labeled properly.
The homedirs macros and files are apparently throwing me.

I'd appreciate any suggestions on a better way to label the chroot
filesystem.  And any ideas on how to get those chrooted homedirs labeled
correctly.

Stephen Brueckner, ATC-NY
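
The prefixing step described in the message above, as an added example that is not part of the original message and not an SELinux tool: the helper name `prefix_fc`, the chroot path `/srv/chroot.d` and the sample entries are assumptions made for illustration. It escapes regex metacharacters in the chroot path (the first field of a file_contexts entry is a regular expression), maps the `/` entry to the chroot directory itself, and reports template lines that do not start with `/` instead of rewriting them.

```shell
#!/bin/sh
# Added example (hypothetical helper, not an SELinux tool).
# prefix_fc CHROOT_DIR: read file_contexts entries on stdin and write them
# with each path regex moved under CHROOT_DIR.
prefix_fc() {
    [ -n "$1" ] || { echo "usage: prefix_fc CHROOT_DIR" >&2; return 2; }
    dir=${1%/}    # drop one trailing slash
    # The first field of an entry is a regex, so metacharacters in the
    # chroot path itself (for example ".") must be escaped.
    esc=$(printf '%s' "$dir" | sed 's/[][\.*^$+?(){}|]/\\&/g')
    # Pass the prefix through the environment so awk does not reinterpret
    # its backslashes.
    FC_PREFIX="$esc" awk '
        BEGIN { pre = ENVIRON["FC_PREFIX"] }
        /^[ \t]*(#|$)/ { print; next }                    # comments, blank lines
        { sub(/^[ \t]+/, "") }                            # strip leading whitespace
        $1 == "/" { sub(/^\//, ""); print pre $0; next }  # "/" -> chroot dir itself
        /^\//     { print pre $0; next }                  # ordinary absolute path
        { print "not rewritten: " $0 > "/dev/stderr" }    # e.g. HOME_DIR templates
    '
}

# Constructed sample entries, not taken from any shipped policy file.
prefix_fc /srv/chroot.d <<'EOF'
# sample file_contexts fragment
/ -d system_u:object_r:root_t
/etc/shadow -- system_u:object_r:shadow_t
/home/[^/]+/.+ system_u:object_r:user_home_t
HOME_DIR/.+ system_u:object_r:ROLE_home_t
EOF
```

Entries reported on stderr are left out of the output so they can be handled separately.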



